2023-09-29 19:08:35 +02:00
|
|
|
<?php
|
2023-09-29 21:29:29 +02:00
|
|
|
/* curload
|
|
|
|
|
* Simple file uploading using POST requests and temporary keys
|
|
|
|
|
* Licensed under the GNU Affero General Public License version 3.0
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
include "create-table.php";
|
|
|
|
|
|
|
|
|
|
function getIPAddress() {
|
|
|
|
|
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
|
|
|
|
|
return $_SERVER['HTTP_CLIENT_IP'];
|
|
|
|
|
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
|
|
|
|
|
return $_SERVER['HTTP_X_FORWARDED_FOR'];
|
|
|
|
|
} else {
|
|
|
|
|
return $_SERVER['REMOTE_ADDR'];
|
2023-09-29 19:08:35 +02:00
|
|
|
}
|
2023-09-29 21:29:29 +02:00
|
|
|
}
|
2023-09-29 19:08:35 +02:00
|
|
|
|
2023-09-29 21:29:29 +02:00
|
|
|
function getUserAgent() {
|
|
|
|
|
return $_SERVER['HTTP_USER_AGENT'];
|
|
|
|
|
}
|
2023-09-29 19:08:35 +02:00
|
|
|
|
2023-09-29 21:29:29 +02:00
|
|
|
// TODO: Hash passwords
|
|
|
|
|
function addKey($adminKey, $Value) {
|
|
|
|
|
include "config.php";
|
2023-09-29 19:08:35 +02:00
|
|
|
|
2023-09-29 21:29:29 +02:00
|
|
|
$Database = createTables($sqlDB);
|
2023-09-30 01:28:36 +02:00
|
|
|
$DatabaseQuery = $Database->query('SELECT * FROM admins');
|
|
|
|
|
$Authorized = 0;
|
|
|
|
|
|
|
|
|
|
while ($line = $DatabaseQuery->fetchArray()) {
|
|
|
|
|
if ($line['key'] == $adminKey && $adminKey != "" && $line['key'] != "") {
|
|
|
|
|
$Authorized = 1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
2023-09-30 19:54:41 +02:00
|
|
|
|
|
|
|
|
// Make sure no existing key exists with that value
|
|
|
|
|
$DatabaseQuery = $Database->query('SELECT * FROM keys');
|
|
|
|
|
while ($line = $DatabaseQuery->fetchArray()) {
|
|
|
|
|
if ($line['key'] == "$Value") {
|
|
|
|
|
print "A key with that value already exists.";
|
|
|
|
|
die();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2023-09-30 01:28:36 +02:00
|
|
|
if ($Authorized != 1) {
|
|
|
|
|
print "You are not authorized to perform this action.";
|
|
|
|
|
die();
|
|
|
|
|
}
|
2023-09-29 19:08:35 +02:00
|
|
|
|
2023-09-29 21:29:29 +02:00
|
|
|
$numberOfUploads = 0;
|
2023-09-30 01:28:36 +02:00
|
|
|
$lastUsed = "";
|
|
|
|
|
$Issued = "";
|
2023-09-29 21:29:29 +02:00
|
|
|
$ip = "";
|
|
|
|
|
$userAgent = "";
|
2023-09-29 19:08:35 +02:00
|
|
|
|
2023-09-29 21:29:29 +02:00
|
|
|
if ($storeAgent || $storeAgent == "true") {
|
|
|
|
|
$userAgent = getUserAgent();
|
2023-09-29 19:08:35 +02:00
|
|
|
}
|
|
|
|
|
|
2023-09-30 01:28:36 +02:00
|
|
|
if ($storeIssued || $storeIssued == "true") {
|
|
|
|
|
$Issued = date($dateFormat);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ($storeLastUsage || $storeLastUsage == "true") {
|
|
|
|
|
$lastUsed = date($dateFormat);
|
|
|
|
|
}
|
|
|
|
|
|
2023-09-29 21:29:29 +02:00
|
|
|
if ($storeIP || $storeIP == "true") {
|
|
|
|
|
$ip = getIPAddress();
|
|
|
|
|
}
|
2023-09-29 19:08:35 +02:00
|
|
|
|
2023-09-29 21:29:29 +02:00
|
|
|
$Database->exec("INSERT INTO keys(key, numberofuploads, lastused, issued, ip, useragent) VALUES('$Value', '$numberOfUploads', '$lastUsed', '$Issued', '$ip', '$userAgent')");
|
|
|
|
|
}
|
2023-09-29 19:08:35 +02:00
|
|
|
|
2023-09-29 21:29:29 +02:00
|
|
|
function addTempKey($adminKey, $Value, $uploadsLeft) {
|
|
|
|
|
include "config.php";
|
2023-09-29 19:08:35 +02:00
|
|
|
|
2023-09-29 21:29:29 +02:00
|
|
|
$Database = createTables($sqlDB);
|
2023-09-30 01:28:36 +02:00
|
|
|
$DatabaseQuery = $Database->query('SELECT * FROM admins');
|
|
|
|
|
$Authorized = 0;
|
|
|
|
|
|
|
|
|
|
while ($line = $DatabaseQuery->fetchArray()) {
|
|
|
|
|
if ($line['key'] == $adminKey && $adminKey != "" && $line['key'] != "") {
|
|
|
|
|
$Authorized = 1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
2023-09-30 19:54:41 +02:00
|
|
|
|
|
|
|
|
// Make sure no existing key exists with that value
|
|
|
|
|
$DatabaseQuery = $Database->query('SELECT * FROM tkeys');
|
|
|
|
|
while ($line = $DatabaseQuery->fetchArray()) {
|
|
|
|
|
if ($line['key'] == "$Value") {
|
|
|
|
|
print "A key with that value already exists.";
|
|
|
|
|
die();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2023-09-30 01:28:36 +02:00
|
|
|
if ($Authorized != 1) {
|
|
|
|
|
print "You are not authorized to perform this action.";
|
|
|
|
|
die();
|
|
|
|
|
}
|
2023-09-29 19:08:35 +02:00
|
|
|
|
2023-09-29 21:29:29 +02:00
|
|
|
$numberOfUploads = 0;
|
2023-09-30 01:28:36 +02:00
|
|
|
$lastUsed = "";
|
|
|
|
|
$Issued = "";
|
2023-09-29 21:29:29 +02:00
|
|
|
$ip = "";
|
|
|
|
|
$userAgent = "";
|
2023-09-29 19:08:35 +02:00
|
|
|
|
2023-09-29 21:29:29 +02:00
|
|
|
if ($storeAgent || $storeAgent == "true") {
|
|
|
|
|
$userAgent = getUserAgent();
|
|
|
|
|
}
|
2023-09-29 19:08:35 +02:00
|
|
|
|
2023-09-30 01:28:36 +02:00
|
|
|
if ($storeIssued || $storeIssued == "true") {
|
|
|
|
|
$Issued = date($dateFormat);
|
2023-09-29 19:08:35 +02:00
|
|
|
}
|
|
|
|
|
|
2023-09-30 01:28:36 +02:00
|
|
|
if ($storeLastUsage || $storeLastUsage == "true") {
|
|
|
|
|
$lastUsed = date($dateFormat);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ($storeIP || $storeIP == "true") {
|
|
|
|
|
$ip = getIPAddress();
|
2023-09-29 21:29:29 +02:00
|
|
|
}
|
2023-09-29 19:08:35 +02:00
|
|
|
|
2023-09-29 21:29:29 +02:00
|
|
|
$Database->exec("INSERT INTO tkeys(key, numberofuploads, uploadsleft, lastused, issued, ip, useragent) VALUES('$Value', '$numberOfUploads', '$uploadsLeft', '$lastUsed', '$Issued', '$ip', '$userAgent')");
|
|
|
|
|
}
|
2023-09-29 19:08:35 +02:00
|
|
|
|
2023-09-29 21:29:29 +02:00
|
|
|
function addAdminKey($adminKey, $Value, $Primary) {
|
|
|
|
|
include "config.php";
|
2023-09-29 19:08:35 +02:00
|
|
|
|
2023-09-29 21:29:29 +02:00
|
|
|
$Database = createTables($sqlDB);
|
2023-09-30 01:28:36 +02:00
|
|
|
$DatabaseQuery = $Database->query('SELECT * FROM admins');
|
|
|
|
|
$Authorized = 0;
|
|
|
|
|
|
|
|
|
|
while ($line = $DatabaseQuery->fetchArray()) {
|
|
|
|
|
if ($line['key'] == $adminKey && $adminKey != "" && $line['key'] != "" && $line['primaryadmin'] == 1) {
|
|
|
|
|
$Authorized = 1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
2023-09-30 19:54:41 +02:00
|
|
|
|
|
|
|
|
// Make sure no existing key exists with that value
|
|
|
|
|
$DatabaseQuery = $Database->query('SELECT * FROM admins');
|
|
|
|
|
while ($line = $DatabaseQuery->fetchArray()) {
|
|
|
|
|
if ($line['key'] == "$Value") {
|
|
|
|
|
print "A key with that value already exists.";
|
|
|
|
|
die();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2023-09-30 01:28:36 +02:00
|
|
|
if ($Authorized != 1) {
|
|
|
|
|
print "You are not authorized to perform this action.";
|
|
|
|
|
die();
|
|
|
|
|
}
|
2023-09-29 19:08:35 +02:00
|
|
|
|
2023-09-29 21:29:29 +02:00
|
|
|
$numberOfUploads = 0;
|
2023-09-30 01:28:36 +02:00
|
|
|
$lastUsed = "";
|
|
|
|
|
$Issued = "";
|
2023-09-29 21:29:29 +02:00
|
|
|
$ip = "";
|
|
|
|
|
$userAgent = "";
|
2023-09-29 19:08:35 +02:00
|
|
|
|
2023-09-29 21:29:29 +02:00
|
|
|
if ($storeAgent || $storeAgent == "true") {
|
|
|
|
|
$userAgent = getUserAgent();
|
|
|
|
|
}
|
2023-09-29 19:08:35 +02:00
|
|
|
|
2023-09-30 01:28:36 +02:00
|
|
|
if ($storeIssued || $storeIssued == "true") {
|
|
|
|
|
$Issued = date($dateFormat);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ($storeLastUsage || $storeLastUsage == "true") {
|
|
|
|
|
$lastUsed = date($dateFormat);
|
|
|
|
|
}
|
|
|
|
|
|
2023-09-29 21:29:29 +02:00
|
|
|
if ($storeIP || $storeIP == "true") {
|
|
|
|
|
$ip = getIPAddress();
|
2023-09-29 19:08:35 +02:00
|
|
|
}
|
2023-09-29 21:29:29 +02:00
|
|
|
|
2023-09-30 01:28:36 +02:00
|
|
|
$Database->exec("INSERT INTO admins(key, primaryadmin, numberofuploads, lastused, issued, ip, useragent) VALUES('$Value', '$Primary', '$numberOfUploads', '$lastUsed', '$Issued', '$ip', '$userAgent')");
|
2023-09-29 21:29:29 +02:00
|
|
|
}
|
2023-09-29 19:08:35 +02:00
|
|
|
?>
|
